In re application of: Hake, Jens, et al.
Application No.:
Filed: February 28, 2001
For: AUTHENTICATION PROCEDURES IN DIGITAL MOBILE RADIO TELEPHONE SYSTEMS



Assistant Commissioner for Patents 
Attention: Box PCT
Washington, DC 20231 



Preliminary Amendment 



Sir: 



Please amend the above-identified application as follows: 

In the Claims: 

Please amend the claims as follows: 

3. (amended) Procedure, according to claim 2, is characterized by the mobile 
radio network that, with special algorithms under specification of a random number 
(RAND) determines a SRES/KC-pair for all SIM-specific codes (KI) forming, with 
the respective RAND, RAND/SRES/KC-triplets. 

4. (amended) Procedure, according to claim 3, is characterized by the formed 
RAND/SRES/KC-triplets that are stored in the mobile radio network. 

5. (amended) Procedure, according to claim 4, is characterized by a RAND of 
one of these triplets, that is sent to the subscriber identification module from the 
mobile radio network to initiate the authentication. 

6. (amended) Procedure, according to claim 5, is characterized by the subscriber 
identification module that calculates the corresponding values for SRES and KC by 
the transmitted RAND and the selected code (KI), and sends the determined answer to
the mobile radio network. 

7. (amended) Procedure, according to claim 6, is characterized by the 
comparison made to verify agreement or conformity of the received SRES with all of 
the stored SRES for the utilized RAND in the mobile radio network. 

8. (amended) Procedure, according to claim 7, is characterized by the mobile
radio network and the SIM, which is used to encode the transfer or transmission of the 
matching SRES corresponding KC. 

REMARKS

The foregoing Amendment eliminates multiple dependent claims. 
Accordingly, the Amendment places the application in better condition prior to 
examination and adds no new matter. 

Version With Markings to Show Changes Made

Amendments in the Claims:

In accordance with 37 CFR 1.121(c), the following versions of the 
claims as rewritten by the foregoing amendment show all the changes made relative to 
the previous versions of the claims. 

3. (amended) Procedure, according to [claims 1 or 2] claim 2, is characterized by
the mobile radio network that, with special algorithms under specification of a
random number (RAND) determines a SRES/KC-pair for all SIM-specific codes (KI)
forming, with the respective RAND, RAND/SRES/KC-triplets.

4. (amended) Procedure, according to [one of the claims 1 to 3] claim 3, is
characterized by the formed RAND/SRES/KC-triplets that are stored in the mobile
radio network.

5. (amended) Procedure, according to [one of the claims 1 to 4] claim 4, is
characterized by a RAND of one of these triplets, that is sent to the subscriber
identification module from the mobile radio network to initiate the authentication.

6. (amended) Procedure, according to [one of the claims 1 to 5] claim 5, is
characterized by the subscriber identification module that calculates the
corresponding values for SRES and KC by the transmitted RAND and the selected
code (KI), and sends the determined answer to the mobile radio network.

7. (amended) Procedure, according to [one of the claims 1 to 6] claim 6, is
characterized by the comparison made to verify agreement or conformity of the
received SRES with all of the stored SRES for the utilized RAND in the mobile radio
network.

8. (amended) Procedure, according to [one of the claims 1 to 7] claim 7, is
characterized by the mobile radio network and the SIM, which is used to encode the
transfer or transmission of the matching SRES corresponding KC.

Respectfully submitted,

Date:

John M. Harrington
Attorney for Applicant
1001 West Fourth Street
Winston-Salem, NC 27101
(336) 607-7318

Description

Procedure to Increase the Security of Authentication
Processes in Digital Mobile Radio Systems

The invention concerns a procedure for the increased security of
authentication processes for digital mobile radio systems, according to the
characterizing clause of patent claim 1.

Modern mobile radio networks have special security features and
precautions, which prevent the use of operating equipment or resources by
anyone other than authorized persons and protect against possible
eavesdropping or tapping of radio operations. The security measures refer,
therefore, to the protection of the relationship between the mobile radio
network and the authorized user. A special procedure for authorizing the
user will prevent a third party from stealing the authorized user's
identity: the user must be authenticated by comparing his subscriber
identification module with the data and functions stored in the mobile
radio network. In the past, it has been shown over and over that
authentication processes can be compromised (i.e. by spying out the
subscriber's secret code KI) with specialized knowledge and the right
equipment. This is possible by collecting sequences of random numbers and
response numbers (that is, RAND/SRES pairs), which in larger quantities can
be subjected to mathematical procedures in order to determine the secret
code KI of a user. Once the secret code KI has been determined, an illegal
duplication of the subscriber's identification module is possible.

With the authentication processes currently being used, the mobile radio
network uses special algorithms and a SIM-specific secret code KI to
compute, from a random value RAND, an authentication result SRES and a
temporary code KC. In this way, the mobile radio network holds a certain
number of RAND/SRES/KC-triplets. If a user wants to sign in, the mobile
radio network transmits a random number RAND to the subscriber's
identification module SIM. The SIM determines, with the same special
algorithms and its SIM-specific secret code KI, a corresponding
SRES/KC-pair and sends the determined SRES back to the mobile radio
network. The mobile radio network compares the received SRES with the
previously held SRES to see if they conform, so that a match authenticates
the subscriber. The code KC is calculated and evaluated on both sides to
encode the transmission.

As previously stated, with the procedures currently being used, it is possible 
to compromise or spy on the code KI in order to gain unauthorized access to 
the mobile radio network. 

The present invention is based on the task of improving the security of the
authentication procedures of digital mobile radio systems so as to make it
nearly impossible to discover the secret codes.

The characterizing features in patent claim 1 solve the task. 

The invention is based, thus, on the fact that several different secret
SIM-specific codes KI are stored in the subscriber's identification module
and in the mobile radio network, and that one code is selected from these
several pre-held secret codes for the completion of the authentication
between the subscriber's identification module and the mobile radio network.

The advantage of this procedure is based on the fact that a compromise (i.e.
spying or ferreting out the secret code KI) of the SIM is made substantially
more difficult because it is neither foreseeable nor discernible to the
"aggressor" or "attacker" which secret code KI of the SIM is being used to
calculate the SRES answer.

Another essential advantage of this procedure is that a modification to the
interfaces of the mobile radio network, in particular the air interface, is
not necessary. Likewise, no modification of the terminals or end equipment
must be made. Only local software-technical modifications at individual
network components of the mobile radio network, as well as on the SIM, are
necessary, and these are feasible with hardly any costs and very little
expenditure.

Advantageously, the SIM selects the code KI to be used according to the
random principle.

In a preferred embodiment, the mobile radio network uses special
algorithms to determine, from a given random number RAND, a SRES/KC-pair
for each of the SIM-specific codes KI of a user, and forms the so-called
RAND/SRES/KC-triplets with the respectively used RAND. The triplets are
held in the mobile radio network and can be called upon for future
authentication procedures.

To start an authentication, the mobile radio network transmits a random
value RAND of one of these triplets to the subscriber identification
module SIM. The subscriber identification module then selects an available
code on the basis of the transmitted RAND, calculates the appropriate
values for the SRES response and the code KC on the basis of this selected
code KI, and sends the SRES response back to the mobile radio network.

In the mobile radio network, a comparison now takes place to determine the
conformity or matching of the received response SRES to all the SRES
values held for the used RAND, so that if a match is found between two
user-specific responses SRES, the user's authentication is validated.

Preferably, the mobile radio network will now use the KC belonging to the
matching SRES to encode the transfer or transmission; the identical code KC
is available in the SIM and is also used there for the encoding of the
transmission.

In the following, an embodiment of the invention is explained more closely
with reference to a drawing. Further characteristics, features and
advantages of the invention are shown in the drawing and the corresponding
description.

Figure 1 shows an authentication procedure in a simplified representation
according to the invention. In order to complete the procedure, several
secret codes KI must be stored for each user in the mobile radio network
and, also, in the subscriber identification module.

As shown in the table above, for example, three secret codes KI are set aside
in the mobile radio network for each subscriber X, so that the mobile radio
network, for several random numbers RAND 1, RAND 2 and RAND 3 and, in each
case, for the secret codes KI 1, KI 2 and KI 3, calculates and stores the
corresponding SRES responses and codes KC.

Also in the subscriber identification module for the subscriber or user X,
three possible codes KI 1, KI 2 and KI 3 are set aside.

If the user wants to check into the mobile radio network, the authentication
procedure must first be completed, as is shown in figure 1. The subscriber
identification module first transmits the subscriber identity number IMSI
via an appropriate terminal or end device to the mobile radio network. If
this IMSI is recognized as admissible, then the mobile radio network
chooses one of the random values RAND stored for the user X (here, for
example, RAND 3) and sends it back to the subscriber identification module.
The subscriber identification module in turn selects one of the user
specific secret codes KI (for example, KI 2) and, from the RAND 3 and the
KI 2, calculates the corresponding SRES response and the code KC received
by the mobile radio network. The SRES response that was formed from the
code KI 2 and the RAND 3 is transmitted back to the mobile radio network
and compared with the stored SRES value for KI 2 and RAND 3. If these SRES
values correspond, then the user is considered authenticated and can check
into the mobile radio network. The available codes KC are utilized on both
sides during the newly-made connection to encode the data communication.
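
The multi-code exchange described above, as an added sketch that is not part of the application: HMAC-SHA256 stands in for the unspecified "special algorithms", the 4-byte SRES and 8-byte KC lengths are the GSM sizes, and the class and function names, the IMSI and the keys are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def a3a8(ki, rand):
    """Stand-in for the 'special algorithms' (assumption: HMAC-SHA256).

    Returns (SRES, KC) with the GSM lengths of 4 and 8 bytes.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Network:
    """Per subscriber: RAND -> [(SRES, KC), ...], one pair per stored KI."""

    def __init__(self):
        self.triplets = {}

    def provision(self, imsi, kis, n_rands=3):
        table = {}
        for _ in range(n_rands):
            rand = secrets.token_bytes(16)
            table[rand] = [a3a8(ki, rand) for ki in kis]
        self.triplets[imsi] = table

    def challenge(self, imsi):
        table = self.triplets.get(imsi)
        return secrets.choice(list(table)) if table else None

    def verify(self, imsi, rand, sres):
        """Compare with all SRES held for this RAND; return the matching KC."""
        matched = None
        for stored_sres, kc in self.triplets.get(imsi, {}).get(rand, []):
            # Constant-time compare against every stored SRES; keep the
            # KC of the first entry that matches.
            if hmac.compare_digest(stored_sres, sres) and matched is None:
                matched = kc
        return matched


class Sim:
    def __init__(self, imsi, kis):
        self.imsi = imsi
        self._kis = list(kis)
        self.kc = None

    def respond(self, rand):
        ki = secrets.choice(self._kis)  # random selection of one stored KI
        sres, self.kc = a3a8(ki, rand)
        return sres


def authenticate(network, sim):
    """Run one exchange; return the network-side KC, or None on failure."""
    rand = network.challenge(sim.imsi)
    if rand is None:
        return None
    return network.verify(sim.imsi, rand, sim.respond(rand))


if __name__ == "__main__":
    kis = [bytes([i]) * 16 for i in (1, 2, 3)]  # constructed sample keys
    imsi = "001010000000001"                    # constructed test IMSI
    net, sim = Network(), Sim(imsi, kis)
    net.provision(imsi, kis)
    kc = authenticate(net, sim)
    print("authenticated:", kc is not None and kc == sim.kc)
```

Because the network accepts any of the n SRES values held for a RAND, a blind guess of the 32-bit SRES assumed here is accepted with probability of about n/2^32 rather than 1/2^32.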

Patent Claims

1. Procedure for the increased security of authentication processes in digital 
mobile radio systems is characterized by several different secret
SIM-specific codes (KI) that are stored in the mobile radio network and in the
subscriber identification module (SIM), and one code (KI) that is selected 
for the execution of the authentication between subscriber identification 
module and the mobile radio network of the SIM from several stored 
secret codes. 

2. Procedure, according to claim 1, is characterized by the selection of the 
code (KI) by the subscriber identification module (SIM), according to the 
random principle. 

3. Procedure, according to claims 1 or 2, is characterized by the mobile 
radio network that, with special algorithms under specification of a 
random number (RAND) determines a SRES/KC-pair for all SIM-specific
codes (KI) forming, with the respective RAND,
RAND/SRES/KC-triplets. 

4. Procedure, according to one of the claims 1 to 3, is characterized by the 
formed RAND/SRES/KC-triplets that are stored in the mobile radio 
network. 

5. Procedure, according to one of the claims 1 to 4, is characterized by a 
RAND of one of these triplets, that is sent to the subscriber identification 
module from the mobile radio network to initiate the authentication. 



Express Mail No. EL694910579US 



6. Procedure, according to one of the claims 1 to 5, is characterized by the 
subscriber identification module that calculates the corresponding values 
for SRES and KC by the transmitted RAND and the selected code (KI), 
and sends the determined answer to the mobile radio network. 

7. Procedure, according to one of the claims 1 to 6, is characterized by the 
comparison made to verify agreement or conformity of the received 
SRES with all of the stored SRES for the utilized RAND in the mobile 
radio network. 

8. Procedure, according to one of the claims 1 to 7, is characterized by the 
mobile radio network and the SIM, which is used to encode the transfer 
or transmission of the matching SRES corresponding KC. 



I hereby claim foreign priority under Title 35, § 119(a)-(d) or § 365(b) of any
foreign application(s) for patent or inventor's certificate, or § 365(a) of any PCT
International application which designated at least one country other than the
United States, listed below and have also identified below, by checking the box,
any foreign application for patent or inventor's certificate, or PCT International
application having a filing date before that of the application on which priority is
claimed.

Priority Not Claimed

9/7/95
(Day/Month/Year Filed)

9/7/99
(Day/Month/Year Filed)

□

□



I hereby claim the benefit under Title 35, United States Code, § 119(e) of any
United States provisional application(s) listed below.

I hereby claim the benefit under Title 35, United States Code, § 120 of any
United States application(s), or § 365(c) of any PCT International application
designating the United States, listed below and, insofar as the subject matter of
each of the claims of this application is not disclosed in the prior United States or
PCT International application in the manner provided by the first paragraph of
Title 35, United States Code, § 112, I acknowledge the duty to disclose
information which is material to patentability as defined in Title 37, Code of
Federal Regulations, § 1.56 which became available between the filing date of
the prior application and the national or PCT International filing date of this
application.



(Status) (patented, pending, abandoned)

(Status) (patented, pending, abandoned)

I hereby declare that all statements made herein of my own knowledge are true
and that all statements made on information and belief are believed to be true;
and further that these statements were made with the knowledge that willful false
statements and the like so made are punishable by fine or imprisonment, or both,
under Section 1001 of Title 18 of the United States Code and that such willful
false statements may jeopardize the validity of the application or any patent
issued thereon.



German Language Declaration 






Full name of sole or first inventor: Jens Hake
Inventor's signature:                Date:
Residence: Sudweg 4b, D-[illegible], Kemtau, Germany
Citizenship: German
Post Office Address: same as above

Full name of second joint inventor, if any: Jorg Thelen
Second inventor's signature:         Date:
Residence: Nesselroderstrasse 27, D-53227, Bonn, Germany
Citizenship: German
Post Office Address: same as above







POWER OF ATTORNEY: As a named inventor, I hereby appoint the
following attorney(s) and/or agent(s) to prosecute this application and
transact all business in the Patent and Trademark Office connected
therewith: (list name and registration number)

Send Correspondence to:

John M. Harrington
Kilpatrick Stockton LLP
1001 West Fourth Street
Winston-Salem, NC 27101

Direct Telephone Calls to: (name and telephone number)
John M. Harrington (336) 607-7318



(Supply similar information and signature for third and subsequent joint
inventors.)